Learn how to attack and defend the world's most popular web server platform
Linux Server Security: Hack and Defend presents a detailed guide for experienced admins, aspiring hackers and other IT professionals seeking a more advanced understanding of Linux security. Written by a 20-year veteran of Linux server deployment, this book provides the insight of experience along with highly practical instruction.
The topics range from the theory of past, current, and future attacks, to the mitigation of a variety of online attacks, all the way to empowering you to perform numerous malicious attacks yourself (in the hope that you will learn how to defend against them). By increasing your understanding of a hacker's tools and mindset, you're less likely to be confronted by the all-too-common reality faced by many admins these days: someone else has control of your systems.
Master hacking tools and launch sophisticated attacks: perform SQL injections, deploy multiple server exploits and crack complex passwords.
Defend systems and networks: make your servers invisible, be confident of your security with penetration testing and repel unwelcome attackers.
Increase your background knowledge of attacks on systems and networks and improve all-important practical skills required to secure any Linux server.
The techniques presented apply to almost all Linux distributions including the many Debian and Red Hat derivatives and some other Unix-type systems. Further your career with this intriguing, deeply insightful, must-have technical book. Diverse, broadly-applicable and hands-on practical, Linux Server Security: Hack and Defend is an essential resource which will sit proudly on any techie's bookshelf.
CHRIS BINNIE is a Technical Consultant with 20 years of experience working with Linux systems, and a writer for Linux Magazine and Admin Magazine. He built an Autonomous System Network in 2005, and served HD video to 77 countries via a media streaming platform that he architected and built. Over the course of his career, he has deployed many servers in the cloud and on banking and government server estates.
Preface
Introduction

Chapter 1: Invisibility Cloak
Background; Probing Ports; Confusing a Port Scanner; Installing knockd; Packages; Changing Default Settings; Altering Filesystem Locations; Some Config Options; Starting the Service; Changing the Default Network Interface; Packet Types and Timing; Testing Your Install; Port Knocking Clients; Making Your Server Invisible; Testing Your iptables; Saving iptables Rules; Further Considerations; Smartphone Client; Troubleshooting; Security Considerations; Ephemeral Sequences; Summary

Chapter 2: Digitally Fingerprint Your Files
Filesystem Integrity; Whole Filesystem; Rootkits; Configuration; False Positives; Well Designed; Summary

Chapter 3: Twenty-First-Century Netcat
History; Installation Packages; Getting Started; Transferring Files; Chatting Example; Chaining Commands Together; Secure Communications; Executables; Access Control Lists; Miscellaneous Options; Summary

Chapter 4: Denying Service
NTP Infrastructure; NTP Reflection Attacks; Attack Reporting; Preventing SNMP Reflection; DNS Resolvers; Complicity; Bringing a Nation to Its Knees; Mapping Attacks; Summary

Chapter 5: Nping
Functionality; TCP; Interpreter; UDP; ICMP; ARP; Payload Options; Echo Mode; Other Nping Options; Summary

Chapter 6: Logging Reconnoiters
ICMP Misconceptions; tcpdump; Iptables; Multipart Rules; Log Everything for Forensic Analysis; Hardening; Summary

Chapter 7: Nmap's Prodigious NSE
Basic Port Scanning; The Nmap Scripting Engine; Timing Templates; Categorizing Scripts; Contributing Factors; Security Holes; Authentication Checks; Discovery; Updating Scripts; Script Type; Regular Expressions; Graphical User Interfaces; Zenmap; Summary

Chapter 8: Malware Detection
Getting Started; Definition Update Frequency; Malware Hash Registry; Prevalent Threats; LMD Features; Monitoring Filesystems; Installation; Monitoring Modes; Configuration; Exclusions; Running from the CLI; Reporting; Quarantining and Cleaning; Updating LMD; Scanning and Stopping Scans; Cron Job; Reporting Malware; Apache Integration; Summary

Chapter 9: Password Cracking with Hashcat
History; Understanding Passwords; Keyspace; Hashes; Using Hashcat; Hashcat Capabilities; Installation; Hash Identification; Choosing Attack Mode; Downloading a Wordlist; Rainbow Tables; Running Hashcat; oclHashcat; Hashcat-Utils; Summary

Chapter 10: SQL Injection Attacks
History; Basic SQLi; Mitigating SQLi in PHP; Exploiting SQL Flaws; Launching an Attack; Trying SQLi Legally; Summary

Index